GLPI Unauthorized API Access Vulnerability Allowing Knowledge Base Item Disclosure

Vulnerability

A vulnerability exists in GLPI versions from 9.1.0 up to, but not including, 10.0.21 that allows users who have API access, but are not authorized to view the entries, to read all knowledge base entries. The issue arises from insufficient visibility restrictions in the API, which expose knowledge base items that should be restricted.

Impact

Exploitation of this vulnerability allows unauthorized users to access and read knowledge base entries through the GLPI API, potentially leading to the disclosure of sensitive information.

Reproduction

To reproduce this vulnerability, an unauthorized user sends a request to the API of a GLPI instance running an affected version (9.1.0 up to, but not including, 10.0.21). Because the API does not enforce the proper visibility restrictions, the user can read all knowledge base entries.

Remediation

Users should upgrade to GLPI version 10.0.21, in which this vulnerability has been patched.

Added: Dec 16, 2025, 10:18 PM
Updated: Dec 16, 2025, 10:18 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 2.5
exploitability: 6.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.